Announcing the new Security Engineering website

February 4, 2019

To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in every situation. However, Microsoft’s long commitment to security has demonstrated that there are a number of security practices that have survived the passage of time, and when applied flexibly in harmony with many approaches, will improve the security of products or cloud services.

We are sharing the results of our experiences through our new Security Engineering website, which includes updated Microsoft Security Development Lifecycle (SDL) practices that focus on development teams and what we believe to be the basic minimum steps for addressing security concerns when using open source. Additionally, we’ve included more specific Operational Security Assurance (OSA) practices, aligned with the operational lifecycle of cloud services, and we touch on how these can be brought together to deliver Secure DevOps.

Throughout the site you will find useful references and resources to help. There are even consulting services offerings if you need them. See our Security documentation, where many of these resources can be found along with other useful security research papers, guides, and references. We hope you find the new Security Engineering site useful and encourage you to explore and share with your development and operations teams.